Abstract: Implementations of data security technologies are disclosed. In an implementation, a plurality of feature points of a user-selected image are determined. A first plurality of interactive operations performed on at least a portion of the plurality of feature points by a user are detected during lock screen passcode set up of a mobile computing device. The first plurality of interactive operations are stored. The user-selected image is displayed on a lock screen when the mobile computing device is in a locked state. A second plurality of interactive operations on a touchscreen of the mobile computing device are detected when the mobile computing device is in the locked state, and the mobile computing device is unlocked if the second plurality of interactive operations match the first plurality of interactive operations.

Abstract: Systems, methods, and computer media for mitigating cybersecurity vulnerabilities of systems are provided herein. A current cybersecurity maturity of a system can be determined based on maturity criteria. The maturity criteria can be ranked based on importance. Solution candidates for increasing the cybersecurity maturity of the system can be determined based on the ranking. The solution candidates specify cybersecurity levels for the maturity criteria. A present state value reflecting the current cybersecurity maturity of the system can be calculated. For the solution candidates, an implementation state value and a transition state value can be determined. The implementation state value represents implementation of the maturity levels of the solution candidate, and the transition state value represents a transition from the present state value to the implementation state value.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor and a memory; and executable instructions encoded in the memory to provide a client-only virtual private network (VPN) including a VPN client and a VPN server implementation on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services.

Abstract: A stopped vehicle information remote retrieval method includes an emergency personnel or first responder vehicle (FRV) establishing a vehicle connection between an infotainment system of a stopped vehicle and the FRV. The FRV sends a vehicle information request to the infotainment system of the stopped vehicle, via the vehicle connection, seeking release of vehicle information. The FRV obtains authentication of the vehicle information received in response to the vehicle information request. The FRV determines occupant status based on the vehicle information. The FRV communicates the passenger status to a first responder.

Abstract: Systems and methods for anonymous collection of malware-related data from client devices. The system comprising a network node configured to (i) receive a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority, (ii) transform the received first data structure by replacing the identifier of the client device with an anonymized identifier, and (iii) transmit the transformed first data structure containing the anonymized identifier and the encrypted data to a server.

Abstract: Systems and methods for anonymously transmitting data in a network are provided, in which a request data structure is received by a network node from a client device. A first substructure containing personal data (PD) and a second substructure not containing PD are identified in the request data structure, by the network node. The first substructure is encrypted, by the network node, and is transmitted along with the second substructure to a server. A response data structure is received, by the network node, from the server. The first encrypted substructure and a third encrypted substructure are identified, by the network node, in the response data structure. The first encrypted substructure is decrypted, by the network node, and is transmitted along with the third encrypted substructure to the client device. The third encrypted substructure can be decrypted and viewed by the client device.

Abstract: An authentication device management device includes a generating unit, a registration unit, a transmission unit, and a responding unit. The generating unit generates a pair of a first key to attach a signature with respect to an authentication result obtained by an authentication device that performs personal authentication of a user, and a second key to verify the signature attached to the first key. The registration unit registers, in association with each other, the key identifier that identifies the generated key pair and user identification information. The transmission unit transmits the first key generated by the generating unit to the authentication device used by the user. When the responding unit accepts a transmission request for the second key related to the authentication device in which the first key transmitted by the transmission unit has been set, the responding unit responds by instructing the authentication server to transmit the second key.

Abstract: The present invention provides a secure technique that allows two communication apparatus that perform encrypted communication to have a common initial solution. A large number of user apparatuses all have a function of generating the same solution under the same condition as far as the user apparatuses have the same initial solution, and can perform encrypted communication using solutions successively generated in synchronization from the same initial solution. All the user apparatuses and a server share the same initial solution and have a function of generating the same solution under the same condition and thus can generate synchronized solutions. The server generates synchronization information, which is information required to generate the initial solution but is not the initial solution itself (S2002), and transmits the synchronization information to at least one of two user apparatuses performing encrypted communication (S2003).

Abstract: An identity verification method and a verifying device, where the verifying device receives an account for requesting password reset. When the account is invalid, the verifying device sends a fake identification and a first verification request to a requesting device. The verification request mentioned requests a user to determine whether to send verification information to a first communication address. The fake identification and the first communication address are associated with the first account.

Abstract: A first wireless access device, associated with a wireless service provider, establishes a wireless local area network connection with a second wireless access device and receives a certificate including a unique identifier associated with the second wireless access device. The first wireless access device determines whether the second wireless access device is authorized to connect to the first wireless access device. For example, if the certificate is signed by a certificate authority associated with the wireless service provider and the unique identifier appears in a whitelist stored at the first wireless access device, the first wireless access device and the second wireless access device perform a mutual authentication procedure based on one or more ephemeral keys. The first wireless access device provides the second wireless access device with access to a wide area network based on successful completion of the mutual authentication procedure.

Abstract: Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported.

Abstract: Analyzing and mitigating website privacy issues by automatically classifying cookies.

Abstract: Techniques and apparatuses are described to enable a strategically coordinated fictitious ecosystem of disinformation for cyber threat intelligence collection in a computing network. The ecosystem comprises fictitious profiles and supporting fictitious infrastructure information to portray in-depth, apparent authenticity of the ecosystem. Malicious communications from an adversary directed at the ecosystem are monitored, and threat intelligence about the adversary is collected to prevent future attacks.

Abstract: Provided is an arrangement for monitoring, a monitoring device and intermediary device and method for monitoring an encrypted connection between a client and an access point in a network, wherein—an Extensible Authentication Protocol is used for access authentication of the client to the network on an authentication server, and—a transport layer security protocol having a key disclosure function is executed within the Extensible Authentication Protocol, in which security information for the cryptographic protection of the connection is provided to an intermediary device and is transmitted from the intermediary device to a monitoring device for monitoring the connection. Also provided is a computer program product of the same.

Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Abstract: A method and console are provided to create and manage dispatch unit identities on multiple independent communications systems. A console server receives a first dispatch unit list from a first radio system. The first dispatch unit list includes a first plurality of dispatch unit IDs from the first radio system. The console server receives a second dispatch unit list from a second radio system. The second dispatch unit list includes a second plurality of dispatch unit IDs from the second radio system. The console server creates a first role that includes at most one dispatch unit ID from each radio system. Multiple roles can be created by the console server. Upon authenticating a dispatcher at the console server, the console server presents a menu of roles available to the dispatcher. The menu of roles can include all roles on the console server or only the roles that the dispatcher is allowed to choose and that are currently available.

Abstract: A technique for downloading a profile for access to a communication network by a security module. This access profile has been prepared by a network operator and is available from a server configured to provide this access profile by downloading to the security module. The security module obtains a first verification datum prepared by the network operator. A secure downloading session is established thereafter. During establishment, session keys are jointly generated between the server and the security module and the server is authenticated by the security module using a public downloading key. The security module verifies authenticity of the public downloading key by using the first verification datum enabling verification that the server uses a secret downloading key corresponding to that provided by the network operator during preparation of the first verification datum. When the public downloading key is not authentic, the security module interrupts downloading of the access profile.

Abstract: Techniques and apparatuses are described for a cybersecurity risk management tool to assess cybersecurity risk and prioritize cybersecurity correction plans. The cybersecurity risk management tool categorizes cybersecurity framework security controls into maturity indicator levels, identifies implementation states achieved by an entity with respect to the cybersecurity framework security controls, and determines which of the maturity indicator levels represents the implementation state achieved by the entity with respect to each of the cybersecurity framework security controls. A cost-benefit analysis for modifying from the implementation state achieved by the entity to a next implementation state to be achieved by the entity with respect to the cybersecurity framework security controls is also enabled. The cost-benefit analysis leverages factored weights including aspects indicative of security perspectives, Gaussian distributions, and the maturity indicator levels.

Abstract: A method performed on a processor to determine a probability of success of a cyber-attack on a target network such that the defenses of the target network may be evaluated is provided. The method includes (1) calculating a probability that the cyber-attack will successfully ingress to the target network; (2) calculating a probability that the cyber-attack will successfully move laterally in the target network by performing an action; (3) calculating a probability that the cyber-attack will successfully perform an action on objective. The calculated probabilities are combined to determine a probability that the cyber-attack will be successful such that the defenses of the target network may be evaluated.

Abstract: A device implementing a system for device-relationship based communication includes at least one processor configured to establish, by a first device associated with a first user, a secure communication channel with a second device associated with a second user via a direct wireless connection. The at least one processor is configured to transmit, over the secure communication channel, first device-identifying information to the second device, and receive, over the secure communication channel, second device-identifying information from the second device. The at least one processor is configured to establish a particular type of relationship with the second device, store the second device-identifying information in association with an indication of the particular type of relationship established with the second device, and transmit, to the second device and over the secure communication channel, the indication of the particular type of relationship established with the second device.